Added: 04/16/2007
CVE: CVE-2007-1748
BID: 23470
OSVDB: 34100
The Windows DNS service runs an RPC management interface which listens on a dynamically assigned TCP port.
A buffer overflow vulnerability in the Windows DNS service allows remote attackers to execute arbitrary commands by sending a specially crafted RPC request to the management interface port.
See Microsoft Security Advisory 935964 for information on available updates and workarounds.
<http://www.us-cert.gov/cas/techalerts/TA07-103A.html>
Exploit works on Windows 2000 SP0 to SP4 and Windows Server 2003 SP1 and SP2.
Windows 2000
Windows Server 2003